Securing the global office

The only potential barrier to entry for seamless business goal delivery would be the inability for the global office to securely access mission-critical applications and data.

Businesses can take advantage of the benefits of the global office while maintaining - if not improving - security.

Remote working enables employees to achieve a better work/life balance. A survey by the Equal Opportunities Commission shows increased demand for remote working solutions from over 60% of the UK's population. The trend is similar in SA, with more local companies embracing flexible working during 2007.

The benefits of flexible working for the individual are obvious. They do, however, also exist for the employer. A flexible working strategy will extend an organisation's potential workforce, as well as increasing its territory of operation, productivity and attendance. Not to mention the hours saved by employees who no longer need to sit on congested highways in rush-hour traffic.

Remote working initiatives are often executed by employees accessing corporate data and applications from home, or even their local coffee shop, over open wireless networks. These networks have been identified as a focus for growing hacker activity, often motivated more by financial gain than by mischief.

In addition, it is paramount that information access for the mobile workforce is not impaired in the event of system failure, power outage, natural disaster or any other threats to business continuity. Global corporations need a system that is easily backed up and instantly re-routed in the event of a problem.

The safeguarding of intellectual property, while enabling workers to operate remotely, is a major concern for all IT professionals, especially for those supporting outsourced operations.

Traditional security and remote access work in opposite to each other; enable the one and it compromises the other's effectiveness.

In the report: "The Chief Information Security Officer's guide to compliance" issued by Gartner, it poses the concern that the hype about purported short-term cost savings will prevent the formal assessment and acceptance of outsourcing risk being widely considered as best practice before 2008.

The necessity to comply with a raft of new regulations makes the need for improved IT governance, and security measures in particular, more pressing than ever.

Traditional security and remote access work in opposite to each other; enable the one and it compromises the other's effectiveness.

Nick Keene is country manager at Citrix Systems South Africa.

Regulations such as Sarbanes Oxley, King ll and HIPAA (covering healthcare providers and insurers) all require that safeguards are put in place. Even though guidance is included in the majority of these regulations, the lack of detail is concerning.

So how does a company with a flexible working, mobility or outsourcing strategy safeguard its information, while simultaneously ensuring that adding system features does not lead to sluggish application performance, in essence bringing the operation to its knees?

In SA, an independent generalist insurance company has implemented application virtualisation technology to supply secure, real-time access to its 150-strong workforce and 600 brokers nationally. Its workforce manages more than 12 000 policies, approximately 1 000 of which require amendments every month.

The company changed its approach to mobility and security from the tactical to the strategic. By hosting data and applications centrally - and delivering them virtually, it has ensured all information is saved securely on the server regardless of the network quality.

In order for virtualisation to be effective, the ability to view, download, print or otherwise capture an organisation's intellectual property must be determined by an employee's role, clearance level and the security of the environment in which they operate. In addition, organisations need to be able to instantly identify and monitor employees that attempt to override these controls.

Whether motivated by compliance, productivity or cost-savings, companies need to take a holistic view of their operations - one that goes far beyond the confines of physical walls or networks and that focuses on security risks even at an application level.

Once a company has assessed the level of business risk to which it is exposed to across its operation, it should define a critical path for containing risks and will therefore be in a better position to realise the benefits of an application infrastructure strategy.